<?php
require_once('kernel.inc');
$TPL_AUTH_FORM = "admin.login.tpl.html";
$TPL_REG_USER  = "meccano.register.user.tpl.html";
$TPL_REMINDER  = "";

$register = isset($_REQUEST['register']) ? true                      : false;
$reminder = isset($_REQUEST['remind'])   ? true                      : false;
$passkey  = isset($_GET['passkey'])      ? isAlpha($_GET['passkey']) : false;
$error    = false;
$make     = false;
$confirm  = false;

// AUTHORIZATION
if(!empty($_REQUEST['login']) && !empty($_REQUEST['pwd']))
{
   $AUTH->authorization($_REQUEST['login'], $_REQUEST['pwd']);
}

// LOGOUT
if(isset($_REQUEST['logout'])) $AUTH->logout();


// PROCEED IF LOGED IN
if($AUTH->logedstatus === true)
{

   $SMARTY->display('admin.framer.tpl.html');

   // REGISTER PROCEDURE
} elseif($MECCANO->system['multi_user'] == 1 && $register != false)
{

   if($submit != false)
   {
      $login  = isset($_POST['login'])  ? isAlpha($_POST['login'])      : false;
      $email  = isset($_POST['email'])  ? isEmail($_POST['email'])      : false;
      $name   = isset($_POST['name'])   ? prepare_str($_POST['name'])   : '';
      $family = isset($_POST['family']) ? prepare_str($_POST['family']) : '';

      if($login == false || $email == false)
      {
         $error = 'user_inputs';
      }
      if($error == false)
      {
         $DB->DB_QueryBuilder('SELECT COUNT(*) FROM meccano_users WHERE login = "%s"', array($login));
         $DB->DB_Query();
         if($DB->DB_GetResult() > 0)
         {
            $error = 'user_exist';
         }
      }

      if($error == false)
      {
         $pwd         = generate_pass(7);
         $rights      = serialize(false);
         $passkey     = md5(time());
         $url         = "http://".$_SERVER['HTTP_HOST'];
         $passkeylink = $url . "/admin/index.php?register=1&passkey=".$passkey;

         $SMARTY->assign('url', $url);
         $SMARTY->assign('login', $login);
         $SMARTY->assign('password', $pwd);
         $SMARTY->assign('passkeylink', $passkeylink);

         $mail_body = $SMARTY->fetch('meccano.reg_notification.mail.html');
         $mail_body = explode('#', $mail_body);
         $subject   = trim(array_shift($mail_body));
         $mail_body = implode('\n', $mail_body);

         include_once(LIBRARIES."/class.phpmailer.php");

         $MAIL = new PHPMailer();
         $MAIL->IsMail();
         $MAIL->IsHTML(false);
         $MAIL->CharSet  = 'UTF-8';
         $MAIL->Subject  = $subject;
         $MAIL->Body     = $mail_body;
         $MAIL->From     = 'noreplay@'.$_SERVER['HTTP_HOST'];
         $MAIL->FromName = 'noreplay@'.$_SERVER['HTTP_HOST'];
         $MAIL->AddAddress($email, $name . " " . $family);

         if($MAIL->Send())
         {
            $DB->DB_QueryBuilder("INSERT INTO meccano_users (login, pwd, email, name, family, rights, valid) VALUES ('%s', MD5('%s'), '%s', '%s', '%s', '%s', '0')", array($login, $pwd, $email, $name, $family, $rights));
            $DB->DB_Query();

            $DB->sql = "INSERT INTO meccano_registratura (id, passkey) VALUES (" . $DB->DB_LastID() . ", '" . $passkey . "')";
            $DB->DB_Query();

            $make = true;
         } else
         {
            $error = "mailer";
         }
      }

      $passkey = false;

   } elseif ($passkey != false)
   {
      $fecha = date("Y-m-d H:s:i", time()-$MECCANO->system['confirm_days']*24*60*60);
      $DB->sql = "DELETE rg, usr FROM meccano_registratura AS rg, meccano_users AS usr WHERE rg.fecha < '" . $fecha . "' AND rg.id = usr.id";
      $DB->DB_Query();

      $DB->sql = "SELECT id FROM meccano_registratura WHERE passkey = '" . $passkey . "'";
      $DB->DB_Query();

      if($DB->DB_GetRows() == 1)
      {
         $DB->sql = "UPDATE meccano_users SET valid = '1' WHERE id = " . $DB->DB_GetResult(0, 'id');
         $DB->DB_Query();

         $DB->sql = "DELETE FROM meccano_registratura WHERE passkey = '" . $passkey . "'";
         $DB->DB_Query();

         $confirm = true;
      }
   }

   $SMARTY->assign('error', $error);
   $SMARTY->assign('make',  $make);
   $SMARTY->assign('confirm', $confirm);
   $SMARTY->display($TPL_REG_USER);

} elseif ($reminder != false)
{
   $login  = isset($_POST['login'])  ? isAlpha($_POST['login']) : false;
   if($submit != false && $login != false)
   {
      $DB->sql = 'SELECT * FROM meccano_users WHERE login = "' . $login . '"';
      $DB->DB_Query();

      if($DB->DB_GetRows() == 1)
      {
         $email  = $DB->DB_GetResult(0, 'email');
         $name   = $DB->DB_GetResult(0, 'name');
         $family = $DB->DB_GetResult(0, 'family');
         $pwd    = generate_pass(6);

         $SMARTY->assign('name', $name);
         $SMARTY->assign('family', $family);
         $SMARTY->assign('password', $pwd);

         $mail_body = $SMARTY->fetch('meccano.reg_remind.mail.html');
         $mail_body = explode('#', $mail_body);
         $subject   = trim(array_shift($mail_body));
         $mail_body = implode('\n', $mail_body);

         include_once(LIBRARIES."/class.phpmailer.php");

         $MAIL = new PHPMailer();
         $MAIL->IsMail();
         $MAIL->IsHTML(false);
         $MAIL->CharSet  = 'UTF-8';
         $MAIL->Subject  = $subject;
         $MAIL->Body     = $mail_body;
         $MAIL->From     = 'noreplay@'.$_SERVER['HTTP_HOST'];
         $MAIL->FromName = 'noreplay@'.$_SERVER['HTTP_HOST'];
         $MAIL->AddAddress($email, $name . " " . $family);

         if($MAIL->Send())
         {
            $DB->sql = "UPDATE meccano_users SET pwd = MD5('" . $pwd . "') WHERE login = '" . $login . "'";
            $DB->DB_Query();

            $make = true;
         } else
         {
            $error = "mailer";
         }
      }

      $error = 'account';
   }

   $SMARTY->assign('error', $error);
   $SMARTY->assign('make', $make);
   $SMARTY->display($TPL_REMINDER);
} else
{

   // LOGIN FORM
   $SMARTY->assign('error', $AUTH->error);
   $SMARTY->display($TPL_AUTH_FORM);
}
?>